- Label: A binary string that clearly identifies the purpose
of this KDF's derived keying material. For TCP-AO,
we use the ASCII string "TCP-AO", where the last
character is the capital letter "O", not to be
confused with a zero. While this may seem like
overkill in this specification since TCP-AO only
describes one call to the KDF, it is included in
order to comply with FIPS 140 certifications.

It should say:

- Label: A binary string that clearly identifies the purpose
of this KDF's derived keying material. For TCP-AO,
we use the ASCII string "TCP-AO", where the last
character is the capital letter "O", not to be
confused with a zero. The ASCII string is terminated
with a null octet (0x00). While this may seem like
overkill in this specification since TCP-AO only
describes one call to the KDF, it is included in
order to comply with FIPS 140 certifications.

Notes:

This section states that "Both of these KDFs are based on the iteration-mode KDFs specified in [NIST-SP800-108].", which is later clarified to be the "counter mode" KDF defined in that document. The definition of the "Label" input to the KDF in the original text is not clear.

[NIST-SP800-108] specifies that a 0x00 octet should follow the Label. This 0x00 octet is important when the KDF does not have control over the Context given it, which is the case here -- RFC 5926 depends on the definition in RFC 5925. RFC 5925 currently declares two fixed-size inputs for the Context (See Figures 7 & 8 of RFC 5925), so the Context length differs. Also, RFC 5925 RFC could be updated over over time to include other Contexts that are variable sized. The risk of excluding 0x00 is enabling an attacker to choose a specially-crafted Context that violates the clean separation between the Label and Context arguments. Therefore, it is important to include the 0x00 octet for TCP-AO.

I believe this 0x00 is implied in the specification of the string "TCP-AO", since conventionally many string definitions include a trailing 0x00 octet, The text should state that the 0x00 octet is present as part of the string.

If this errata does not result in adding the 0x00 octet, then its omission needs to be justified.
--VERIFIER NOTES--
NIST-SP800-108 does not require the use of 0x00. It only requires that the length and order of each field be defined unambiguously. The method of providing that length unambiguously to the KDF algorithm is an implementation issue.